grub2
cpe:2.3:a:gnu:grub:*:*:*:*:*:*:*
An integer overflow vulnerability has been identified in the GRUB2 squash4 filesystem module. When the module reads data from a squash4 filesystem, it uses user-controlled parameters from the filesystem geometry to calculate the internal buffer size. However, the module fails to properly validate these calculations, allowing a maliciously crafted filesystem to manipulate the buffer size calculations. This oversight can cause the buffer size to overflow, leading to a memory allocation (grub_malloc()) with an unexpectedly small size. Consequently, the direct_read() function can perform a heap-based out-of-bounds write while reading data. This vulnerability could be exploited to corrupt GRUB's critical internal data, potentially allowing arbitrary code execution and bypassing secure boot protections.
Exploitation of this vulnerability can lead to heap-based out-of-bounds writes, allowing attackers to corrupt GRUB's internal critical data. This could result in arbitrary code execution, with the added risk of bypassing secure boot protections.
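The bug class described above, shown as an added example that is not GRUB's code: a 32-bit size calculation on untrusted geometry values wraps to a small number, next to a checked version that rejects the image. The struct, field names and sample values are hypothetical stand-ins for squash4 geometry parameters, and the checks use the GCC/Clang `__builtin_*_overflow` intrinsics.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical geometry fields parsed from an untrusted filesystem image. */
struct geom {
    uint32_t block_count;  /* taken from the image */
    uint32_t entry_size;   /* taken from the image */
};

/* Unchecked: the 32-bit product silently wraps, so the caller
 * allocates far fewer bytes than the later read will write. */
static uint32_t unchecked_size(const struct geom *g)
{
    return (g->block_count + 1) * g->entry_size;
}

/* Checked: every arithmetic step is tested for wraparound.
 * Returns 0 and stores the size on success, -1 on overflow. */
static int checked_size(const struct geom *g, size_t *out)
{
    uint32_t n, bytes;

    if (__builtin_add_overflow(g->block_count, 1u, &n))
        return -1;
    if (__builtin_mul_overflow(n, g->entry_size, &bytes))
        return -1;
    *out = bytes;
    return 0;
}

/* Allocation wrapper: refuse the image instead of under-allocating. */
static void *alloc_read_buffer(const struct geom *g, size_t *len)
{
    if (checked_size(g, len) != 0)
        return NULL;
    return malloc(*len);
}

int main(void)
{
    struct geom crafted = { 0x40000000u, 4u };  /* constructed sample values */
    size_t len = 0;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(&crafted));
    printf("checked alloc:  %s\n", alloc_read_buffer(&crafted, &len) ? "ok" : "rejected");
    return 0;
}
```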